here is the fix http://svn.apache.org/viewvc?rev=682228&view=rev

Milind W sent the following on 8/3/2008 4:27 PM:
> Just tried "ant clean" it made no difference.
> I can proceed to main without being redirected to login with rev#679258.
>
> Relevant log for rev#679258
> 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [RequestHandler.java:243:INFO ] [Processing Request]: main sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1
> 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [RequestHandler.java:433:INFO ] [RequestHandler.doRequest]: Response is a view. sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1
> 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [RequestHandler.java:584:INFO ] servletName=control, view=main sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1
> 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [ UtilJ2eeCompat.java:69 :INFO ] serverInfo: apache tomcat/6.0.16
> 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [ UtilJ2eeCompat.java:78 :INFO ] Apache Tomcat detected, using response.getWriter to write text out instead of response.getOutputStream
>
> and with rev#677863
> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ RequestHandler.java:236:INFO ] [Processing Request]: main sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1
> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ LoginWorker.java:262:INFO ] reqParams Map: []
> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ LoginWorker.java:263:INFO ] queryString:
> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ LoginWorker.java:273:INFO ] checkLogin: queryString=
> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ LoginWorker.java:274:INFO ] checkLogin: PathInfo=/main
> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ RequestHandler.java:425:INFO ] [RequestHandler.doRequest]: Response is a view. sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1
> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ RequestHandler.java:578:INFO ] servletName=control, view=login sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1
> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ UtilJ2eeCompat.java:69 :INFO ] serverInfo: Apache Tomcat/5.5.20
> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ UtilJ2eeCompat.java:78 :INFO ] Apache Tomcat detected, using response.getWriter to write text out instead of response.getOutputStream
>
> The loginworker seems to be invoked with rev#677863 and not with rev#679258.
> Any Idea?
>
>> Did you try an "ant clean" ? There have been some changes recently that
>> imply this cleanup.
>>
>> Jacques
>>
>> From: "Milind W" <[EMAIL PROTECTED]>
>>> Looks like I have a problem making this example work with revision#679258
>>>
>>> It worked fine (i.e I was redirected to login screen before I could get to
>>> main) with rev#677863
>>>
>>> Looks like the view
>>> <view-map name="login" type="screen" page="component://marketing/widget/CommonScreens.xml#login" />
>>> is part of the problem. The CommonScreens.xml has moved and does no longer
>>> seem to have the 'login' screen.
>>>
>>> I tried finding another screen with the 'login' view. I found another one
>>> in the 'common' component and modified my hello controller to point to
>>> <view-map name="login" type="screen" page="component://common/widget/CommonScreens.xml#login"/>
>>> but it is not acting the same as previously.
>>>
>>> Please let me know what is missing (or any suggestion how best to
>>> illustrate login) so I can complete and contribute my tutorial for
>>> security. Would hate to create a tutorial that worked with one specific
>>> build.
>>>
>>> http://ofbiz.markmail.org/search/?q=Milind+W#query:Milind%20W+page:2+mid:kwgcnrsxjigfilp2+state:results
>>>
>>> Thanks
>>> -Milind
>>>
>>>> hi,
>>>> I got login to work by adding the changes below to my controller using
>>>> ofbiz4.0.
>>>> I don't think I follow the reason with OFBTOOLS base permission not
>>>> taking effect in the ofbiz-component as explained in OFBIZ-829.
>>>> But I agree with Si Chen on OFBIZ-829
>>>> "The right way is to assume no permission until one of the list of
>>>> permissions is met." Seems more intuitive.
>>>> For now I can workaround it so thanks all.
>>>> -Milind
>>>>
>>>> <preprocessor>
>>>>   <!-- Events to run on every request before security (chains exempt) -->
>>>>   <!-- <event type="java" path="org.ofbiz.webapp.event.TestEvent" invoke="test"/> -->
>>>>   <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="checkExternalLoginKey"/>
>>>> </preprocessor>
>>>>
>>>> <!-- Request Mappings -->
>>>>
>>>> <request-map uri="checkLogin" edit="false">
>>>>   <description>Verify a user is logged in.</description>
>>>>   <security https="false" auth="false"/>
>>>>   <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="checkLogin" />
>>>>   <response name="success" type="view" value="main" />
>>>>   <response name="error" type="view" value="login" />
>>>> </request-map>
>>>>
>>>> <request-map uri="login">
>>>>   <security https="false" auth="false"/>
>>>>   <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="login"/>
>>>>   <response name="success" type="view" value="main"/>
>>>>   <response name="error" type="view" value="login"/>
>>>> </request-map>
>>>>
>>>> <request-map uri="main">
>>>>   <security https="false" auth="true" />
>>>>   <response name="success" type="view" value="main"/>
>>>> </request-map>
>>>>
>>>> <view-map name="login" type="screen" page="component://marketing/widget/CommonScreens.xml#login" />
>>>>
>>>>> Not with a direct link to the comment where is the explanation ;p
>>>>> Actually it was more a didactic post
>>>>>
>>>>> Jacques
>>>>>
>>>>> From: "BJ Freeman" <[EMAIL PROTECTED]>
>>>>>> LOL
>>>>>> that was the first link I sent on this thread.
>>>>>>
>>>>>> Jacques Le Roux sent the following on 7/30/2008 2:18 PM:
>>>>>>> OFBiz Wiki is your friend. Just look for OFBTOOLS.
>>>>>>>
>>>>>>> You would have got
>>>>>>> http://docs.ofbiz.org/display/OFBTECH/OFBiz+security?focusedCommentId=3615#comment-3615
>>>>>>>
>>>>>>> Jacques
>>>>>>>
>>>>>>> ----- Original Message -----
>>>>>>> From: "Milind W" <[EMAIL PROTECTED]>
>>>>>>> To: <[email protected]>
>>>>>>> Sent: Wednesday, July 30, 2008 8:31 PM
>>>>>>> Subject: Re: how to set security and permissions precedence
>>>>>>>
>>>>>>>> Let me try to break up questions.
>>>>>>>> Shouldn't adding
>>>>>>>> base-permission="OFBTOOLS"
>>>>>>>> to the ofbiz-entity.xml force the user to login with a user id that is
>>>>>>>> associated to the OFBTOOLS security group?
>>>>>>>> I can see the application I created and the line seems to have no effect.
>>>>>>>> What is the purpose of the line?
>>>>>>>> Thanks
>>>>>>>> -Milind
>>>>>>>>
>>>>>>>>> Please note that opentaps is not at the same level of revision that ofbiz
>>>>>>>>> it
>>>>>>>>> there have been changes to security.
>>>>>>>>> there are examples in the
>>>>>>>>> framework/example
>>>>>>>>> and
>>>>>>>>> framework/exampleext
>>>>>>>>> I believe this to be a better tutorial
>>>>>>>>> since they work already.
>>>>>>>>>
>>>>>>>>> Balaji Sundar sent the following on 7/29/2008 9:40 PM:
>>>>>>>>>>
>>>>>>>>>> BJ Freeman wrote:
>>>>>>>>>>> http://docs.ofbiz.org/display/OFBTECH/OFBiz+security
>>>>>>>>>>>
>>>>>>>>>>> Milind W sent the following on 7/29/2008 7:58 PM:
>>>>>>>>>>>> hi,
>>>>>>>>>>>> Security Permissions
>>>>>>>>>>>> I am using ofbiz rev.79258
>>>>>>>>>>>> I want to understand how security works so I made the following
>>>>>>>>>>>> modifications to hello1
>>>>>>>>>>>> 1)I added base-permission="OFBTOOLS" to the ofbiz-component.xml
>>>>>>>>>>>> I could still see the application I was assuming the application would
>>>>>>>>>>>> ask me to login or prevent me from seeing the page.
>>>>>>>>>>>> 2)I added <security> to the main request
>>>>>>>>>>>> <request-map uri="main">
>>>>>>>>>>>>   <security https="false" auth="true"/>
>>>>>>>>>>>>   <response name="success" type="view" value="main"/>
>>>>>>>>>>>> </request-map>
>>>>>>>>>>>> This displays "java.lang.NullPointerException" in the browser.
>>>>>>>>>>>> How do permissions precedence work starting from the UI to the entity
>>>>>>>>>>>> layer.
>>>>>>>>>>>> Help appreciated.
>>>>>>>>>>>> Thanks
>>>>>>>>>>>> -Milind
>>>>>>>>>>>>
>>>>>>>>>>>> Here is the log
>>>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ RequestHandler.java:243:INFO ] [Processing Request]: main sessionId=6E6BB45A4B5AB75A10A9B9404FA622A5.jvm1
>>>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ RequestManager.java:159:WARN ] [RequestManager.getEventType] Type of event for request "checkLogin" not found
>>>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ RequestManager.java:146:WARN ] [RequestManager.getEventPath] Path of event for request "checkLogin" not found
>>>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ RequestManager.java:172:WARN ] [RequestManager.getEventMethod] Method of event for request "checkLogin" not found
>>>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ ControlServlet.java:205:ERROR]
>>>>>>>>>>>> ---- runtime exception report --------------------------------------------------
>>>>>>>>>>>> Error in request handler:
>>>>>>>>>>>> Exception: java.lang.NullPointerException
>>>>>>>>>>>> Message: null
>>>>>>>>>>>> ---- stack trace ---------------------------------------------------------------
>>>>>>>>>>>> java.lang.NullPointerException
>>>>>>>>>>>> javolution.util.FastMap.getEntry(Unknown Source)
>>>>>>>>>>>> javolution.util.FastMap.containsKey(Unknown Source)
>>>>>>>>>>>> org.ofbiz.webapp.control.RequestManager.getHandlerClass(RequestManager.java:78)
>>>>>>>>>>>> org.ofbiz.webapp.event.EventFactory.loadEventHandler(EventFactory.java:102)
>>>>>>>>>>>> org.ofbiz.webapp.event.EventFactory.getEventHandler(EventFactory.java:86)
>>>>>>>>>>>> org.ofbiz.webapp.control.RequestHandler.runEvent(RequestHandler.java:453)
>>>>>>>>>>>> org.ofbiz.webapp.control.RequestHandler.doRequest(RequestHandler.java:259)
>>>>>>>>>>>> org.ofbiz.webapp.control.ControlServlet.doGet(ControlServlet.java:198)
>>>>>>>>>>>> javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
>>>>>>>>>>>> javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
>>>>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
>>>>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>>>>>>>>>>>> org.ofbiz.webapp.control.ContextFilter.doFilter(ContextFilter.java:255)
>>>>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
>>>>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>>>>>>>>>>>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
>>>>>>>>>>>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
>>>>>>>>>>>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
>>>>>>>>>>>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
>>>>>>>>>>>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>>>>>>>>>>>> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:568)
>>>>>>>>>>>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
>>>>>>>>>>>> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
>>>>>>>>>>>> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
>>>>>>>>>>>> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
>>>>>>>>>>>> java.lang.Thread.run(Thread.java:595)
>>>>>>>>>>>> --------------------------------------------------------------------------------
>>>>>>>>>>>>
>>>>>>>>>> http://www.opensourcestrategies.com/ofbiz/security.php
